On 09/05/13 11:26, Jakub Hrozek wrote:
On Thu, May 09, 2013 at 08:34:50AM +0200, steve wrote:
> On 08/05/13 23:53, Lukas Slebodnik wrote:
>> On (08/05/13 22:46), steve wrote:
>>> Hi
>>> We have 1.10.0beta1 on lubuntu 13.04
>>>
>>> We have added
>>> dyndns_update=true
>>> dyndns_refresh=1
>>> to sssd.conf
>>>
>>> We expect to see an update request after 1 minute, but nothing
>>> happens. Are we correct to expect this behaviour?
>>>
>>> Cheers,
>>> Steve
>>
>> From manual page "sssd-ad"
>>
>> dyndns_refresh_interval (integer)
>> How often should the back end perform periodic DNS update in
>> addition to the automatic update performed when the back end
>> goes online. This option is optional and applicable only
>> when dyndns_update is true.
>>
>> Default: 86400 (24 hours)
>>
>> It is not explicitly written, but you could have noticed
>> that the default value is in seconds (86400 seconds == 24 hours).
>>
> Hi. Thanks. I changed it to:
> dyndns_update=true
> dyndns_refresh=60
>
> No DNS request is made. We have a Samba4 dc which accepts dns
> requests from the windows clients so it seems to be working. I have
> set the log level to 6 but nothing gets logged. I'm looking in:
> /usr/local/var/log/sssd, /var/log/sssd
>
> It's starting OK and getent and user logins work fine, just not the
> dns update requests.
> sudo sssd -i -d3
> (Thu May 9 08:25:32 2013) [sssd[be[default]]]
> [sssm_simple_access_init] (0x0040): No rules supplied for simple
> access provider. Access will be granted for all users.
> (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init]
> (0x0080): No SUDO module provided for [default] !!
> (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init]
> (0x0020): No selinux module provided for [default] !!
> (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init]
> (0x0020): No host info module provided for [default] !!
> (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init]
> (0x0020): Subdomains are not supported for [default] !!
>
> Here is our sssd.conf. What are we missing to be able to trigger the
> dns update requests?
> [sssd]
> debug_level = 6
> services = nss, pam
> config_file_version = 2
> domains = default
>
> [nss]
>
> [pam]
>
> [domain/default]
> debug_level=6
> dyndns_update=true
> dyndns_refresh_interval=60
> ldap_schema = rfc2307bis
> access_provider = simple
> enumerate = FALSE
> cache_credentials = true
> #entry_cache_timeout = 60
> id_provider = ldap
^^^^
Currently the dyndns updates are only supported with id_provider=ad or
id_provider=ipa

Since you're using the POSIX attributes, you'd want to configure a
domain similar to:

id_provider = ad
ad_server = hh16.hh3.site
ad_domain = HH3.SITE
ldap_id_mapping = False

Hi
OK. Changed that but then sssd crashes after the first DNS update and no
update is performed:
sudo sssd -i -d3
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [sssm_simple_access_init]
(0x0040): No rules supplied for simple access provider. Access will be
granted for all users.
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No autofs module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No selinux module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No host info module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init]
(0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:55:41 2013) [sssd[be[default]]] [be_run_online_cb]
(0x0080): Going online. Running callbacks.
(Thu May 9 11:55:41 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done]
(0x0040): DNS update finished
(Thu May 9 11:55:43 2013) [sssd[be[default]]]
[resolv_gethostbyname_done] (0x0040): querying hosts database failed
[5]: Error de entrada/salida
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): Could not resolve address for this machine, error [5]: Error
de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): (Thu May 9 11:55:44 2013) [sssd] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Thu May 9 11:55:44 2013) [sssd[nss]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:55:44 2013) [sssd[pam]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:55:44 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child
[default] terminated with signal [11]
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [sssm_simple_access_init]
(0x0040): No rules supplied for simple access provider. Access will be
granted for all users.
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No autofs module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No selinux module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No host info module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init]
(0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:55:45 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 1 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[nss]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Thu May 9 11:55:45 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 1 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[pam]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Thu May 9 11:56:00 2013) [sssd[be[default]]] [be_run_online_cb]
(0x0080): Going online. Running callbacks.
(Thu May 9 11:56:00 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done]
(0x0040): DNS update finished
(Thu May 9 11:56:02 2013) [sssd[be[default]]]
[resolv_gethostbyname_done] (0x0040): querying hosts database failed
[5]: Error de entrada/salida
(Thu May 9 11:56:02 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): Could not resolve address for this machine, error [5]: Error
de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:56:02 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): (Thu May 9 11:56:03 2013) [sssd] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Thu May 9 11:56:03 2013) [sssd[nss]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:56:03 2013) [sssd[pam]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:56:03 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child
[default] terminated with signal [11]
(Thu May 9 11:56:04 2013) [sssd] [tasks_check_handler] (0x0020): Child
(default) not responding! (yet)
(Thu May 9 11:56:04 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 1 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:04 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed
to open connection: name=org.freedesktop.DBus.Error.NoServer,
message=Failed to connect to socket
/usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:04 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 1 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:04 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed
to open connection: name=org.freedesktop.DBus.Error.NoServer,
message=Failed to connect to socket
/usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [sssm_simple_access_init]
(0x0040): No rules supplied for simple access provider. Access will be
granted for all users.
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No autofs module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No selinux module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No host info module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init]
(0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:56:07 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 2 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[nss]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Thu May 9 11:56:07 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 2 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[pam]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Thu May 9 11:56:21 2013) [sssd[be[default]]] [be_run_online_cb]
(0x0080): Going online. Running callbacks.
(Thu May 9 11:56:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done]
(0x0040): DNS update finished
(Thu May 9 11:56:23 2013) [sssd[be[default]]]
[resolv_gethostbyname_done] (0x0040): querying hosts database failed
[5]: Error de entrada/salida
(Thu May 9 11:56:23 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): Could not resolve address for this machine, error [5]: Error
de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:56:23 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): (Thu May 9 11:56:24 2013) [sssd] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Thu May 9 11:56:24 2013) [sssd[nss]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:56:24 2013) [sssd[pam]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:56:24 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child
[default] terminated with signal [11]
(Thu May 9 11:56:25 2013) [sssd] [tasks_check_handler] (0x0020): Child
(default) not responding! (yet)
(Thu May 9 11:56:25 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 1 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:25 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed
to open connection: name=org.freedesktop.DBus.Error.NoServer,
message=Failed to connect to socket
/usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:25 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 1 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:25 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed
to open connection: name=org.freedesktop.DBus.Error.NoServer,
message=Failed to connect to socket
/usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:28 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 2 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:28 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed
to open connection: name=org.freedesktop.DBus.Error.NoServer,
message=Failed to connect to socket
/usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:28 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 2 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:28 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed
to open connection: name=org.freedesktop.DBus.Error.NoServer,
message=Failed to connect to socket
/usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [sssm_simple_access_init]
(0x0040): No rules supplied for simple access provider. Access will be
granted for all users.
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init]
(0x0080): No autofs module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No selinux module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init]
(0x0020): No host info module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init]
(0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:56:38 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 3 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[nss]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Thu May 9 11:56:38 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 3 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[pam]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Thu May 9 11:56:44 2013) [sssd[be[default]]] [be_run_online_cb]
(0x0080): Going online. Running callbacks.
(Thu May 9 11:56:44 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done]
(0x0040): DNS update finished
(Thu May 9 11:56:47 2013) [sssd[be[default]]]
[resolv_gethostbyname_done] (0x0040): querying hosts database failed
[5]: Error de entrada/salida
(Thu May 9 11:56:47 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): Could not resolve address for this machine, error [5]: Error
de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:56:47 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): (Thu May 9 11:56:47 2013) [sssd] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Thu May 9 11:56:47 2013) [sssd[nss]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:56:47 2013) [sssd[pam]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Thu May 9 11:56:47 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child
[default] terminated with signal [11]
(Thu May 9 11:56:47 2013) [sssd] [mt_svc_exit_handler] (0x0010):
Process [default], definitely stopped!
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0040): Returned with: 1
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Terminating
[pam][1997]
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Child [pam]
exited gracefully
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Terminating
[nss][1996]
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Child [nss]
exited gracefully
steve@pinoso:~$
The DC (Samba4) communicates with the client OK, users can still log in
but under the old DNS:
ldb_wrap open of secrets.ldb
Kerberosg
ldb_wrap open of secrets.ldb
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:56874 for
krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITEg
ldb_wrap open of secrets.ldb
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:56874 for
krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$@HH3.SITE
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:58454 for
krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$@HH3.SITE using
arcfour-hmac-md5
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$@HH3.SITE
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:58454 for
krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$@HH3.SITE using
arcfour-hmac-md5
: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:56874 for
krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$@HH3.SITE
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:58454 for
krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$@HH3.SITE using
arcfour-hmac-md5
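
Added example, not part of the original message and not SSSD code: a triage script for the kind of debug log posted above. It re-joins mail-wrapped entries and pairs each "terminated with signal" report from the monitor with the last function the crashed back end logged, flagging entries that were cut off mid-write. The names `parse_entries` and `find_backend_crashes` are hypothetical, and the last logged function is a starting point for a backtrace, not proof of the crash site.

```python
import re

# Header of one SSSD debug entry: (timestamp) [process] [function] (level):
ENTRY = re.compile(
    r"\((?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4})\)\s+"
    r"\[(?P<proc>sssd(?:\[[^\[\]]+(?:\[[^\[\]]+\])?\])?)\]\s+"
    r"\[(?P<func>\w+)\]\s+\((?P<level>0x[0-9a-f]{4})\):"
)
BACKEND = re.compile(r"sssd\[be\[([^\[\]]+)\]\]")
CRASH = re.compile(r"Child \[([^\[\]]+)\] terminated with signal \[(\d+)\]")

def parse_entries(text):
    """Split a (possibly mail-wrapped) SSSD debug log into entries."""
    flat = " ".join(text.split())          # undo hard line wraps
    heads = list(ENTRY.finditer(flat))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        yield {**m.groupdict(), "msg": flat[m.end():end].strip()}

def find_backend_crashes(text):
    """Pair each crash reported by the monitor with the last function the
    affected back end logged before it died."""
    last = {}      # domain -> most recent back-end entry
    crashes = []
    for e in parse_entries(text):
        be = BACKEND.fullmatch(e["proc"])
        hit = CRASH.search(e["msg"]) if e["func"] == "mt_svc_exit_handler" else None
        if be:
            last[be.group(1)] = e
        elif hit:
            domain, signal = hit.group(1), int(hit.group(2))
            prev = last.pop(domain, None)
            crashes.append({"ts": e["ts"], "domain": domain, "signal": signal,
                            "last_func": prev["func"] if prev else None,
                            # empty message: the entry was cut off mid-write
                            "truncated": bool(prev) and prev["msg"] == ""})
    return crashes

# Excerpt of the log quoted in the message above (one crash cycle, wrapped as posted).
SAMPLE = """\
(Thu May 9 11:55:41 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done]
(0x0040): DNS update finished
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): Could not resolve address for this machine, error [5]: Error
de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done]
(0x0040): (Thu May 9 11:55:44 2013) [sssd] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Thu May 9 11:55:44 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child
[default] terminated with signal [11]
"""

if __name__ == "__main__":
    for crash in find_backend_crashes(SAMPLE):
        print(crash)
```
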